Privacy Policy

3.1 Information You Provide Directly

We collect information you voluntarily provide to us, including:

• Contact information: name, email address, phone number, company name, and job title when you submit forms, request an audit, or contact us
• Account information: email address and authentication credentials when you create a dashboard account
• Communications: the content of messages you send us via email, forms, or our chat interface
• Payment information: billing details necessary to process payments (payment card information is collected and processed directly by our PCI-compliant payment processor and is never stored on our systems)
• Audit and consultation data: business information you share during strategy calls, AI readiness audits, or discovery sessions

3.2 Information Collected Automatically

When you visit our Website, we automatically collect:

• Device and browser information: browser type, operating system, device type, screen resolution, and language preferences
• Usage data: pages visited, time spent on pages, referring URLs, click patterns, and navigation paths
• Network information: IP address, approximate geographic location (city/region level), and internet service provider
• Cookies and similar technologies: see Section 10 (Cookie Policy) for details

3.3 Client Data We Process as a Data Processor

When delivering AI automation services to our clients, we may process data belonging to our clients' customers or end users. This data is processed strictly in accordance with our contractual obligations to the client, including any applicable Data Processing Agreement (DPA). We do not use client data for our own purposes, and we do not combine client data across different clients. Each client's data is logically isolated within our systems.

4.1 Service Delivery

• Providing, maintaining, and improving our AI automation services
• Deploying and managing AI systems on client infrastructure
• Processing transactions and sending related communications
• Providing customer support and responding to inquiries

4.2 Business Operations

• Analyzing Website usage to improve user experience
• Monitoring system performance and ensuring service reliability
• Detecting and preventing fraud, abuse, and security incidents
• Maintaining internal records and administering our business

4.3 Marketing and Communications

• Sending promotional communications about our services (with your consent where required by law)
• Personalizing content and recommendations based on your interests
• You may opt out of marketing communications at any time by following the unsubscribe link in any email or by contacting us at privacy@arxops.com

4.4 Legal Compliance

• Complying with applicable laws, regulations, and legal processes
• Enforcing our Terms of Service and other agreements
• Protecting our rights, property, and safety, and those of our clients and the public

5.1 How We Use AI

We use third-party AI model providers to power the automation systems we build for our clients. These systems may include chatbots, email triage, lead scoring, document analysis, and workflow automation.

5.2 Data Flow

When an AI system processes data:

1. Data is received by the AI system deployed on the client's own infrastructure or our managed infrastructure
2. The data may be sent to third-party AI model providers for processing via encrypted API connections
3. The AI model provider returns a response, which is delivered to the end user or stored as configured by the client
4. Conversation histories and session data may be cached temporarily to provide context within a session

5.3 Our AI Data Commitments

• No training on client data. We do not use client data to train, fine-tune, or improve AI models. We contractually require the same commitment from our third-party AI model providers.
• No selling of data. We never sell, license, or trade personal data or client data to any third party for any purpose.
• No retention beyond contract. Client data processed through AI systems is retained only for the duration specified in the applicable service agreement. Upon termination, all client data is returned or securely deleted.
• Transparency. Each client receives documentation describing which categories of data their AI system processes and how that data flows through the system.
• On-premise option. For clients with strict data residency or sovereignty requirements, we offer deployment configurations where data never leaves the client's own infrastructure.

9.1 Virginia Residents (VCDPA)

If you are a Virginia resident, you have the right to:

• Access the personal data we have collected about you
• Correct inaccuracies in your personal data
• Delete your personal data
• Obtain a copy of your personal data in a portable format
• Opt out of the processing of your personal data for targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

We do not sell personal data or use it for targeted advertising.

To exercise your rights, contact us at privacy@arxops.com. We will respond to verified requests within 45 days. You may appeal a denial by contacting us at the same address, and we will respond to appeals within 60 days.

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell
• Delete your personal information
• Opt out of sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights
• Correct inaccurate personal information
• Limit use and disclosure of sensitive personal information

To exercise your rights, contact us at privacy@arxops.com. We will respond to verified requests within 45 days, with a possible 45-day extension if necessary (with notice).

In the preceding 12 months, we have not sold personal information, and we do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA.

9.3 EEA and UK Residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you have the right to:

• Access your personal data and obtain a copy
• Rectification of inaccurate or incomplete personal data
• Erasure ("right to be forgotten") of your personal data
• Restrict the processing of your personal data
• Data portability — receive your data in a structured, machine-readable format
• Object to processing based on legitimate interests or for direct marketing
• Withdraw consent at any time where processing is based on consent
• Lodge a complaint with your local supervisory authority

Our legal bases for processing personal data include: performance of a contract, compliance with legal obligations, legitimate interests (such as improving our services and ensuring security), and consent (for marketing communications).

To exercise your rights, contact us at privacy@arxops.com. We will respond within 30 days, with a possible extension of up to two additional months for complex requests (with notice).

9.4 How to Exercise Your Rights

For all privacy rights requests:

1. Email privacy@arxops.com with the subject line "Privacy Rights Request"
2. Specify which right(s) you wish to exercise
3. Provide sufficient information for us to verify your identity
4. We will acknowledge your request within 5 business days

We do not charge a fee for processing reasonable privacy rights requests. We may decline requests that are manifestly unfounded, excessive, or repetitive, in accordance with applicable law.

10.1 Essential Cookies

We use essential cookies that are strictly necessary for the operation of our Website. These cookies enable core functionality such as authentication, session management, and security. They cannot be disabled.

10.2 Analytics Cookies

We use analytics cookies to understand how visitors interact with our Website. These cookies collect information in an aggregated form to help us improve our Website's performance and user experience. Analytics cookies are only set with your consent where required by applicable law.

10.3 Advertising Cookies

We do not use advertising cookies or tracking pixels. We do not serve targeted advertisements on our Website.

10.4 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may impair the functionality of our Website.

13.1 EEA and UK Transfers

For transfers of personal data from the European Economic Area or United Kingdom to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational safeguards where appropriate.

13.2 Data Residency Options

For clients with data residency requirements, we offer deployment configurations where AI systems and associated data are hosted entirely within the client's own infrastructure in their jurisdiction of choice. Contact us for details about on-premise and regional deployment options.